You are here

The Nightmare that is Social Media Malware

March 11, 2020

By:

Chen N. Argote

share this

Social media today has become a world of its own, catering to people around the globe from all walks of life. Almost everyone it seems, from children to senior citizens, have at least one social media account. With Facebook alone—the most popular platform—there are already over 2.4 billion active users. This year, the Philippines ranks as the 6th country with the most number of users, boasting 70 million registered accounts.

This surge in popularity may be attributed to how social media has significantly upgraded the way we communicate as a society—making it easier, faster, and more convenient. The way we are now able to interact in real-time with people from different parts of the world seemed inconceivable about a decade ago. As a technology, it’s also changed so much that, in most countries, it’s not even seen as a mere communication tool anymore. It has already become this venue for creativity and self-expression, benefitting not just individuals but businesses and governments as well. This has led to social media users being exposed to all sorts of online content, ranging from hilarious memes, multiple selfies, and annoying rants to disturbing videos and scandalous photos.

It is because of these same qualities that social media has also become notorious for being a place where identity theft, libelous posts, scams, and other illegal, malicious, or harmful acts abound. Its billions of users make up a vast ocean of would-be victims in the eyes of cybercriminals.

One type of threat users are regularly exposed to every time they log on to their social media accounts are malware. Malware is a broad term used to refer to malicious programs created to compromise computer functions, steal data, gain access control and cause harm to computers. Social media malware, in particular, are developed to exploit social media as a means of transmission.

Needless to say, online criminals quickly realized that social media is a faster and a more effective way of spreading their malicious programs. Users are more likely to click on links they put up because access to social media is more widespread, thanks to enterprising internet service providers who frequently offer it for free, even if only for a limited period of time. This explains why online criminals have invested so much in social media.

For the past couple of years, there have been plenty of examples highlighting the dangers posed by social media malware. Here are a couple of them:

In December 2019, seemingly harmless holiday greetings being shared on Facebook and Facebook Messenger turned out to be a virus. Users reported receiving a pop-up holiday greeting, which, once clicked, redirected them to an unsecure website asking for their personal data in order for them to get their very own personalized greeting. Little did they know that while they were on the site, a “malicious” program was already running in the background, sharing the greeting anew via their accounts. It basically made them carriers without them knowing it. Experts say the malware may have been developed to steal identities, documents, and information, such as bank account details. The Cyber Security Philippines-CERT, a non-profit firm, issued an advisory warning people not to open malicious links, especially those found in unsolicited emails or messages. Those who have done so already were advised to immediately change the passwords of their online accounts.

A couple of years back, a different type of malware prowled social media. It was a Trojan that would share a post featuring adult content, while tagging its victim’s Facebook friends. It worked by luring potential victims to a link with porn content. People who clicked on the link were able to watch a porn video that would stop halfway and ask the viewer to download a video player before continuing to play the video. The player was fake, of course. Instead of playing videos, it accessed the user’s account and gave the malware developer control over his or her keyboard and mouse devices. The malware spread by posting the same video link on its victim’s Facebook timeline, while tagging his or her friends. On Facebook Messenger, there was a similar program that spread itself by telling a user that a friend is included in a post with pornographic content.

This problem is not in any way limited to Facebook. With Twitter, for instance, security researchers discovered in 2018 a malware that took instructions from codes hidden in memes posted on the platform. Once it infected a computer, it would take screenshots and collect other data from the affected system and then send these back to the malware’s creator/s.

With these, it is important for people to be aware how fast technology is evolving and how cybercriminals are making sure they are able to keep up. Knowing that, they should ask themselves whether they are also doing their best in terms of protecting themselves and their data. Some would argue it shouldn’t even be limited to that, as there is also the responsibility to protect others by not enabling the spread or sharing of malware.

The available solutions are as varied as the problems. For the layperson, a good starting point would be to educate one’s self about social media and the many risks it poses. This way, the next time one encounters a malicious app or software, one already knows the appropriate approach to take. Then, there is also the concurrent obligation to help others become aware of the problem, too. Let family and friends know that they should never entertain suspicious messages or links. Warn them about unsecure websites, too. Remind them not to be reckless with their information and help them remember that whatever one puts on the web is always at risk of falling into the wrong hands.

There will certainly be professionals out there whose job is to protect people from social media malware and other similar threats. To help them in our own way and, also, to make sure we don’t rely on them too much, we should also do our part by arming ourselves with the right kind and the right amount of information about such problems.

Downloads

Contact Form
[doc] [pdf]Use this form to submit or file inquiries, concerns, complaints, or to report a security incident or data breach.

Incident Report Form
[doc] [pdf]For University Personnel, use this form to report a security incident or data breach.